This is Success?! New Viruses on Macs

The days when Macs were the one platform impenetrable to viruses unfortunately seem to be over. New malware attacks are popping up more frequently on Macs these days. We now recommend antivirus software for your Mac as well.

I was able to duplicate these results and encountered an identical attempt from this same campaign to convince me to install a rather nasty Trojan on a Mac. (Sophos has an analysis of what this particular species does.) I uploaded the sample—a Mac installer package in a Zip file—to Virustotal.com, which confirmed that it is indeed the same code.

Remember last month when I showed you a malware attack that was targeting Google Chrome users? In a follow-up post, I wondered whether Macs would be far behind. They aren’t.

I just did a search for radioactive tsunami waves on Google and then clicked the Images button. On the second page of search results, I found one that looked legit:

When I clicked it on a PC, it redirected me to a fake AV screen that mimicked a Windows security screen. But when I did the same search on a Mac, clicking the poisoned image took me to this page:

This campaign is obviously preying on the fears of recent Mac converts and technical unsophisticates, who might believe that their Mac really is infected. After that, it tried to convince me to install the program using the same set of social engineering tricks that this sort of attack employs on a Windows PC.

Interestingly, just as on a PC, Firefox showed me a download prompt and asked me whether I wanted to save the file or not. Google Chrome downloaded the dangerous file automatically without any prompts and saved it in my Downloads folder.

It is easy to dismiss this as a crude attempt, and indeed, I don’t think many people are likely to fall for this attack. But dismissing this sample because it’s not particularly well done is like dismissing an entire computing platform because of a single poorly written app.

It is possible that this particular poisoned page contained image files or script intended to exploit a known vulnerability in OS X. According to a 2010 Google study of search poisoning, 14% of all the compromised sites they saw included drive-by download attempts in addition to this sort of social engineering. If someone visits this page on a system that doesn’t include all recent updates for OS X and their browser, they could be extremely vulnerable.

And note that the bad guys get better over time. This attack might be crude, but that doesn’t mean the next one will be. I have seen some remarkably effective phishing attempts. In the hands of a skilled gang of thieves, this approach could cull out the weaker members of the Mac herd and create some genuine headaches for the friends or co-workers who have to provide emergency technical support.